GHSA-m5r7-w9v3-ghmx

Source

https://github.com/advisories/GHSA-m5r7-w9v3-ghmx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m5r7-w9v3-ghmx/GHSA-m5r7-w9v3-ghmx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m5r7-w9v3-ghmx

Aliases

CVE-2017-7665

Published

2022-05-17T02:40:53Z

Modified

2023-11-08T03:59:25.844719Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Apache NiFi

Details

In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.

Database specific

{
    "nvd_published_at": "2017-06-12T16:29:00Z",
    "github_reviewed_at": "2022-11-01T22:32:49Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.nifi:nifi

Package

Name: org.apache.nifi:nifi; View open source insights on deps.dev
Purl: pkg:maven/org.apache.nifi/nifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.4

Affected versions

0.*

0.0.1-incubating

0.0.2-incubating

0.1.0-incubating

0.2.0-incubating

0.2.1

0.3.0

0.4.0

0.4.1

0.5.0

0.5.1

0.6.0

0.6.1

0.7.0

0.7.1

0.7.2

0.7.3

Maven / org.apache.nifi:nifi

Package

Name: org.apache.nifi:nifi; View open source insights on deps.dev
Purl: pkg:maven/org.apache.nifi/nifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.3.0

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0